Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,942 advisories

Loading
A vulnerability was found in iJason-Liu Books_Manager up to... Moderate Unreviewed
CVE-2026-1445 was published Jan 27, 2026
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with... Critical Unreviewed
CVE-2025-70982 was published Jan 26, 2026
A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this... Moderate Unreviewed
CVE-2026-1423 was published Jan 26, 2026
A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the... Moderate Unreviewed
CVE-2026-1424 was published Jan 26, 2026
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers... High Unreviewed
CVE-2025-70986 was published Jan 23, 2026
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to... Critical Unreviewed
CVE-2025-70985 was published Jan 23, 2026
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with... Critical Unreviewed
CVE-2025-70983 was published Jan 23, 2026
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) Moderate
CVE-2026-24420 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Brahim-Fouad Credited to Brahim-Fouad
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to... High Unreviewed
CVE-2025-69908 was published Jan 23, 2026
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing... High Unreviewed
CVE-2025-69907 was published Jan 23, 2026
Improper access control in Azure Resource Manager allows an authorized attacker to elevate... Critical Unreviewed
CVE-2026-24304 was published Jan 23, 2026
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2026-24306 was published Jan 23, 2026
Gitea does not properly validate repository ownership when linking attachments to releases Moderate
CVE-2026-20912 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate ownership when toggling OpenID URI visibility Moderate
CVE-2026-20904 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea may send release notification emails for private repositories to users whose access has been revoked Low
CVE-2026-0798 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Gitea does not properly validate repository ownership when deleting Git LFS locks Moderate
CVE-2026-20897 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface Moderate
CVE-2026-20888 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea does not properly validate project ownership in organization project operations Moderate
CVE-2026-20750 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea improperly exposes issue titles and repository names through previously started stopwatches Low
CVE-2026-20883 was published for github.com/go-gitea/gitea (Go) Jan 23, 2026
Gitea has improper access control for uploaded attachments Low
CVE-2026-20736 was published for code.gitea.io/gitea (Go) Jan 23, 2026
Keycloak Admin REST API exposes backend schema and rules Low
CVE-2025-14083 was published for org.keycloak:keycloak-services (Maven) Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2026-21984 was published Jan 21, 2026
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java... Moderate Unreviewed
CVE-2026-21960 was published Jan 21, 2026
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle... Critical Unreviewed
CVE-2026-21962 was published Jan 21, 2026
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2026-21982 was published Jan 21, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database